Information
Enables emailing security alerts to the subscription owner or other designated security contact.
Rationale:
Enabling security alert emails ensures that security alert emails are received from Microsoft. This ensures that the right people are aware of any potential security issues and are able to mitigate the risk.
Solution
Remediate from Azure Portal
From Azure Home select the Portal Menu
Select Microsoft Defender for Cloud
Under Management, select Environment Settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
Under Notification types, check the check box next to Notify about alerts with the following severity (or higher): and select High from the drop down menu
Click Save
Remediate from Azure CLI
Use the below command to set Send email notification for high severity alerts to On.
az account get-access-token --query '{subscription:subscription,accessToken:accessToken}' --out tsv | xargs -L1 bash -c 'curl -X PUT -H 'Authorization: Bearer $1' -H 'Content-Type: application/json' https://management.azure.com/subscriptions/<$0>/providers/Microsoft.Security/securityContacts/default1?api-version=2017-08-01-preview -d@'input.json''
Where input.json contains the data below, replacing validEmailAddress with a single email address or multiple comma-separated email addresses:
{
'id': '/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1',
'name': 'default1',
'type': 'Microsoft.Security/securityContacts',
'properties': {
'email': '<validEmailAddress>',
'alertNotifications': 'On',
'alertsToAdmins': 'On'
}
}
Default Value:
By default, Notify about alerts with the following severity (or higher): is set to High.